Skip to main content

NIST 800-63B



NIST Special Publication 800-63B is a digital identity guideline that provides recommendations on types of authentication processes that may be used at various Authenticator Assurance Levels (AALs). It applies to the digital authentication of subjects to systems over a network. The version used for this section is NIST 800-63B.


5_1_1_2. Memorized secret verifiers
127. Store hashed passwords
132. Passphrases with at least 4 words
134. Store passwords with salt
135. Passwords with random salt
139. Set minimum OTP length
332. Prevent the use of breached passwords
333. Store salt values separately
334. Avoid knowledge-based authentication
5_1_3_2. Out-of-band verifiers
335. Define out of band token lifespan
5_1_4_2. Single-factor OTP verifiers
140. Define OTP lifespan
5_2_3. Use of biometrics
231. Implement a biometric verification component
5_2_5. Verifier impersonation resistance
088. Request client certificates
5_2_8. Replay resistance
030. Avoid object reutilization
6_1_1. Binding at enrollment
136. Force temporary password change
137. Change temporary passwords of third parties
367. Proper generation of temporary passwords
7_1. Session bindings
025. Manage concurrent sessions
028. Allow users to log out
030. Avoid object reutilization
031. Discard user session data
329. Keep client-side storage without sensitive data
7_1_1. Browser cookies
029. Cookies with security attributes
free trial

Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.